File name: | 7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.zip |
Full analysis: | https://app.any.run/tasks/e018afa3-9786-48ed-a2fc-d1d75b4b8c49 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | September 29, 2020, 23:11:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | A251EFDB48C64507120B393C02B3BA24 |
SHA1: | F948D1EAFAAC5F8CD58AF5ACF5DEC7D75391D4C3 |
SHA256: | D14AA0DD82EF2C51D0B9B3BD06618E67343A1F18FDE19588AEC1F61779099595 |
SSDEEP: | 3072:5z0H4qoNhCafwBiH1wqwY4BqRZQ7ZmOC3eCwOV4vpzgr2R/TCemmaLvRe3i3Nq:YDoNr4kHkDZgR87puL5eoq |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0003 |
ZipCompression: | Unknown (99) |
ZipModifyDate: | 2020:09:29 23:11:15 |
ZipCRC: | 0xfeb3fc8a |
ZipCompressedSize: | 150614 |
ZipUncompressedSize: | 409600 |
ZipFileName: | 7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1876 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1336 | "C:\Users\admin\Desktop\7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.exe" | C:\Users\admin\Desktop\7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.exe | explorer.exe | |
User: admin Company: Flex Inc. Integrity Level: MEDIUM Description: Replacement for the Masked Edit Control v 2.0. Exit code: 0 Version: 2.8.0.3 | ||||
2096 | "C:\Users\admin\AppData\Local\KBDINBE1\aeinv.exe" | C:\Users\admin\AppData\Local\KBDINBE1\aeinv.exe | 7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.exe | |
User: admin Company: Flex Inc. Integrity Level: MEDIUM Description: Replacement for the Masked Edit Control v 2.0. Version: 2.8.0.3 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1336 | 7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.exe | C:\Users\admin\AppData\Local\Temp\~DF9B3FCB0DB7573AAE.TMP | — | |
MD5:— | SHA256:— | |||
1876 | WinRAR.exe | C:\Users\admin\Desktop\7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.exe | executable | |
MD5:DE3999241E1012E15523EEB9A9D25F80 | SHA256:7DCE53D23C72460C9B2059F549378E3D5E62F558091DB806395C39AB9877CE36 | |||
1336 | 7dce53d23c72460c9b2059f549378e3d5e62f558091db806395c39ab9877ce36.exe | C:\Users\admin\AppData\Local\KBDINBE1\aeinv.exe | executable | |
MD5:DE3999241E1012E15523EEB9A9D25F80 | SHA256:7DCE53D23C72460C9B2059F549378E3D5E62F558091DB806395C39AB9877CE36 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2096 | aeinv.exe | POST | 200 | 116.91.240.96:80 | http://116.91.240.96/rxNrTW/ | JP | binary | 132 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2096 | aeinv.exe | 116.91.240.96:80 | — | ARTERIA Networks Corporation | JP | malicious |
PID | Process | Class | Message |
---|---|---|---|
2096 | aeinv.exe | A Network Trojan was detected | ET TROJAN Win32/Emotet CnC Activity (POST) M10 |